Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Microsoft
  • Search Type: Search Last 3 Months
  • CPE Name Search: false
There are 99 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2025-21408

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Published: February 06, 2025; 6:15:09 PM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2025-21404

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Published: February 06, 2025; 6:15:09 PM -0500
V4.0:(not available)
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2025-21342

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Published: February 06, 2025; 6:15:09 PM -0500
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2025-21283

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Published: February 06, 2025; 6:15:09 PM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2025-21279

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Published: February 06, 2025; 6:15:09 PM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2025-21267

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Published: February 06, 2025; 6:15:08 PM -0500
V4.0:(not available)
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2025-21253

Microsoft Edge for IOS and Android Spoofing Vulnerability

Published: February 06, 2025; 6:15:08 PM -0500
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2025-21177

Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.

Published: February 06, 2025; 6:15:08 PM -0500
V4.0:(not available)
V3.1: 8.7 HIGH
V2.0:(not available)
CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.

Published: February 06, 2025; 11:15:41 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-21396

Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network.

Published: January 29, 2025; 6:15:32 PM -0500
V4.0:(not available)
V3.1: 8.2 HIGH
V2.0:(not available)
CVE-2025-21262

User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network

Published: January 24, 2025; 5:15:38 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-24034

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially exposing sensitive authentication data. Similarly, Kerberos Ticket-Granting Tickets (TGTs) are logged when debug logging is enabled. Both issues pose a risk of exposing sensitive credentials, particularly in environments where debug logging is enabled. Himmelblau versions 0.7.15 and 0.8.3 contain a patch that fixes both issues. Some workarounds are available for users who are unable to upgrade. For the **logon compliance script issue**, disable the `logon_script` option in `/etc/himmelblau/himmelblau.conf`, and avoid using the `-d` flag when starting the `himmelblaud` daemon. For the Kerberos CCache issue, one may disable debug logging globally by setting the `debug` option in `/etc/himmelblau/himmelblau.conf` to `false` and avoiding the `-d` parameter when starting `himmelblaud`.

Published: January 23, 2025; 1:15:33 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-21399

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

Published: January 17, 2025; 3:15:46 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2025-21185

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Published: January 17, 2025; 3:15:30 PM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2025-21402

Microsoft Office OneNote Remote Code Execution Vulnerability

Published: January 14, 2025; 1:16:04 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-21395

Microsoft Access Remote Code Execution Vulnerability

Published: January 14, 2025; 1:16:04 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-21393

Microsoft SharePoint Server Spoofing Vulnerability

Published: January 14, 2025; 1:16:03 PM -0500
V4.0:(not available)
V3.1: 6.3 MEDIUM
V2.0:(not available)
CVE-2025-21372

Microsoft Brokering File System Elevation of Privilege Vulnerability

Published: January 14, 2025; 1:16:02 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-21366

Microsoft Access Remote Code Execution Vulnerability

Published: January 14, 2025; 1:16:02 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2025-21365

Microsoft Office Remote Code Execution Vulnerability

Published: January 14, 2025; 1:16:02 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)